csaf_ncscnl - ncsc-2025-0301

ncsc-2025-0301

Vulnerability from csaf_ncscnl

Published

2025-09-30 08:29

Modified

2025-09-30 08:29

Summary

Kwetsbaarheden verholpen in VMware NSX

Notes

The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.

Feiten

VMware heeft kwetsbaarheden verholpen in VMware NSX

Interpretaties

De kwetsbaarheden in VMware NSX omvatten een zwak wachtwoordherstelmechanisme dat ongeauthenticeerde aanvallers in staat stelt om geldige gebruikersnamen te enumereren, wat kan leiden tot potentiële brute-force aanvallen op inloggegevens. Daarnaast is er een kwetsbaarheid voor gebruikersnaam enumeratie die ongeauthenticeerde aanvallers in staat stelt om geldige gebruikersnamen te identificeren, wat kan resulteren in ongeautoriseerde toegang tot het systeem.

Oplossingen

VMware heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.

Kans

medium

Schade

high

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE-203

Observable Discrepancy

CWE-640

Weak Password Recovery Mechanism for Forgotten Password

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "VMware heeft kwetsbaarheden verholpen in VMware NSX",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "De kwetsbaarheden in VMware NSX omvatten een zwak wachtwoordherstelmechanisme dat ongeauthenticeerde aanvallers in staat stelt om geldige gebruikersnamen te enumereren, wat kan leiden tot potenti\u00eble brute-force aanvallen op inloggegevens. Daarnaast is er een kwetsbaarheid voor gebruikersnaam enumeratie die ongeauthenticeerde aanvallers in staat stelt om geldige gebruikersnamen te identificeren, wat kan resulteren in ongeautoriseerde toegang tot het systeem. ",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "VMware heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
        "title": "CWE-77"
      },
      {
        "category": "general",
        "text": "Observable Discrepancy",
        "title": "CWE-203"
      },
      {
        "category": "general",
        "text": "Weak Password Recovery Mechanism for Forgotten Password",
        "title": "CWE-640"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36150"
      }
    ],
    "title": "Kwetsbaarheden verholpen in VMware NSX",
    "tracking": {
      "current_release_date": "2025-09-30T08:29:24.969885Z",
      "generator": {
        "date": "2025-08-04T16:30:00Z",
        "engine": {
          "name": "V.A.",
          "version": "1.3"
        }
      },
      "id": "NCSC-2025-0301",
      "initial_release_date": "2025-09-30T08:29:24.969885Z",
      "revision_history": [
        {
          "date": "2025-09-30T08:29:24.969885Z",
          "number": "1.0.0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-1"
                }
              }
            ],
            "category": "product_name",
            "name": "NSX"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-2"
                }
              }
            ],
            "category": "product_name",
            "name": "NSX-T"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-3"
                }
              }
            ],
            "category": "product_name",
            "name": "vCenter"
          }
        ],
        "category": "vendor",
        "name": "VMware"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-41250",
      "cwe": {
        "id": "CWE-77",
        "name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
          "title": "CWE-77"
        },
        {
          "category": "description",
          "text": "VMware vCenter has an SMTP header injection vulnerability that allows non-administrative users with scheduled task permissions to manipulate notification emails.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-41250 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-41250.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2025-41250"
    },
    {
      "cve": "CVE-2025-41251",
      "cwe": {
        "id": "CWE-640",
        "name": "Weak Password Recovery Mechanism for Forgotten Password"
      },
      "notes": [
        {
          "category": "other",
          "text": "Weak Password Recovery Mechanism for Forgotten Password",
          "title": "CWE-640"
        },
        {
          "category": "description",
          "text": "VMware NSX has a high-severity vulnerability (8.1) in its password recovery mechanism, allowing unauthenticated attackers to enumerate valid usernames, increasing the risk of credential brute-force attacks.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-41251 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-41251.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2025-41251"
    },
    {
      "cve": "CVE-2025-41252",
      "cwe": {
        "id": "CWE-203",
        "name": "Observable Discrepancy"
      },
      "notes": [
        {
          "category": "other",
          "text": "Observable Discrepancy",
          "title": "CWE-203"
        },
        {
          "category": "description",
          "text": "VMware NSX has a high-severity username enumeration vulnerability that allows unauthenticated attackers to identify valid usernames, potentially leading to unauthorized access.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-41252 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-41252.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2025-41252"
    }
  ]
}

CVE-2025-41250 (GCVE-0-2025-41250)

Vulnerability from cvelistv5

Published

2025-09-29 17:44

Modified

2025-09-30 03:55

Severity ?

8.5 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L

CWE

CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

Summary

VMware vCenter contains an SMTP header injection vulnerability. A malicious actor with non-administrative privileges on vCenter who has permission to create scheduled tasks may be able to manipulate the notification emails sent for scheduled tasks.

References

▼	URL	Tags
	https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36150

Impacted products

Vendor

Product

Version

▼

VMware

vCenter

Version: 8.0 < 8.0 U3g
Version: 7.0 < 7.0 U3w

VMware	Cloud Foundation	Version: 9.x.x.x < 9.0.1.0 Version: 5.x < 5.2.2 Version: 4.5.x
VMware	Telco Cloud Platform	Version: 5.x, 4.x, 3.x, 2.x
VMware	Telco Cloud Infrastructure	Version: 3.x, 2.x
VMware	vSphere Foundation	Version: 9.x.x.x < 9.0.1.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-41250",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-29T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-30T03:55:12.416Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "vCenter",
          "vendor": "VMware",
          "versions": [
            {
              "lessThan": "8.0 U3g",
              "status": "affected",
              "version": "8.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.0 U3w",
              "status": "affected",
              "version": "7.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Cloud Foundation",
          "vendor": "VMware",
          "versions": [
            {
              "lessThan": "9.0.1.0",
              "status": "affected",
              "version": "9.x.x.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.2.2",
              "status": "affected",
              "version": "5.x",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "4.5.x"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Telco Cloud Platform",
          "vendor": "VMware",
          "versions": [
            {
              "status": "affected",
              "version": "5.x, 4.x, 3.x, 2.x"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Telco Cloud Infrastructure",
          "vendor": "VMware",
          "versions": [
            {
              "status": "affected",
              "version": "3.x, 2.x"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "vSphere Foundation",
          "vendor": "VMware",
          "versions": [
            {
              "lessThan": "9.0.1.0",
              "status": "affected",
              "version": "9.x.x.x",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2025-09-29T02:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVMware vCenter contains an SMTP header injection vulnerability.\u0026nbsp;\u003c/span\u003eA malicious actor with non-administrative privileges on vCenter who has permission to create scheduled tasks may be able to manipulate the notification emails sent for scheduled tasks.\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "VMware vCenter contains an SMTP header injection vulnerability.\u00a0A malicious actor with non-administrative privileges on vCenter who has permission to create scheduled tasks may be able to manipulate the notification emails sent for scheduled tasks."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-29T17:54:27.048Z",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36150"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Header injection vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2025-41250",
    "datePublished": "2025-09-29T17:44:27.967Z",
    "dateReserved": "2025-04-16T09:30:25.625Z",
    "dateUpdated": "2025-09-30T03:55:12.416Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-41251 (GCVE-0-2025-41251)

Vulnerability from cvelistv5

Published

2025-09-29 18:45

Modified

2025-09-30 03:55

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-640 - Weak Password Recovery Mechanism for Forgotten Password

Summary

VMware NSX contains a weak password recovery mechanism vulnerability. An unauthenticated malicious actor may exploit this to enumerate valid usernames, potentially enabling brute-force attacks. Impact: Username enumeration → credential brute force risk. Attack Vector: Remote, unauthenticated. Severity: Important. CVSSv3: 8.1 (High). Acknowledgments: Reported by the National Security Agency. Affected Products:VMware NSX 9.x.x.x, 4.2.x, 4.1.x, 4.0.x NSX-T 3.x VMware Cloud Foundation (with NSX) 5.x, 4.5.x Fixed Versions: NSX 9.0.1.0; 4.2.2.2/4.2.3.1 http://4.2.2.2/4.2.3.1 ; 4.1.2.7; NSX-T 3.2.4.3; CCF async patch (KB88287). Workarounds: None.

References

▼	URL	Tags
	https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36150

Impacted products

	Vendor	Product	Version
	vmware	NSX	Version: VMware NSX - 9.x.x.x, 4.2.x, 4.1.x, 4.0.x < Version: VMware NSX-T - 3.x < Version: VMware Cloud Foundation (with NSX) - 5.x, 4.5.x < Patch: VMware NSX 9.0.1.0; 4.2.2.2/4.2.3.1; 4.1.2.7; NSX-T 3.2.4.3; CCF async patch (KB88287)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-41251",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-29T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-30T03:55:13.262Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "NSX",
          "vendor": "vmware",
          "versions": [
            {
              "status": "affected",
              "version": "VMware NSX - 9.x.x.x, 4.2.x, 4.1.x, 4.0.x",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "VMware NSX-T - 3.x",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "VMware Cloud Foundation (with NSX) - 5.x, 4.5.x",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "VMware NSX 9.0.1.0; 4.2.2.2/4.2.3.1; 4.1.2.7; NSX-T 3.2.4.3; CCF async patch (KB88287)",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2025-09-29T18:26:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "VMware NSX contains a weak password recovery mechanism vulnerability. An unauthenticated malicious actor may exploit this to enumerate valid usernames, potentially enabling brute-force attacks.\u003cbr\u003e\u003cb\u003e\u003cbr\u003eImpact:\u003c/b\u003e\u0026nbsp;Username enumeration \u2192 credential brute force risk.\u003cbr\u003e\u003cb\u003eAttack Vector:\u003c/b\u003e\u0026nbsp;Remote, unauthenticated.\u003cbr\u003e\u003cb\u003eSeverity:\u003c/b\u003e\u0026nbsp;Important.\u003cbr\u003e\u003cb\u003eCVSSv3:\u003c/b\u003e\u0026nbsp;8.1 (High).\u003cbr\u003e\u003cb\u003e\u003cbr\u003eAcknowledgments:\u003c/b\u003e\u0026nbsp;Reported by the National Security Agency.\u003cbr\u003e\u003cbr\u003e\u003cb\u003eAffected Products:\u003c/b\u003e\u003cp\u003eVMware NSX 9.x.x.x, 4.2.x, 4.1.x, 4.0.x\u003c/p\u003eNSX-T 3.x\u003cbr\u003eVMware Cloud Foundation (with NSX) 5.x, 4.5.x\u003cbr\u003e\u003cbr\u003e\u003cb\u003eFixed Versions:\u003c/b\u003e NSX 9.0.1.0; \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://4.2.2.2/4.2.3.1\"\u003e4.2.2.2/4.2.3.1\u003c/a\u003e; 4.1.2.7; NSX-T 3.2.4.3; CCF async patch (KB88287).\u003cbr\u003e\u003cb\u003eWorkarounds:\u003c/b\u003e None.\u003cbr\u003e\u003cul\u003e\n\u003c/ul\u003e\n\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e"
            }
          ],
          "value": "VMware NSX contains a weak password recovery mechanism vulnerability. An unauthenticated malicious actor may exploit this to enumerate valid usernames, potentially enabling brute-force attacks.\n\nImpact:\u00a0Username enumeration \u2192 credential brute force risk.\nAttack Vector:\u00a0Remote, unauthenticated.\nSeverity:\u00a0Important.\nCVSSv3:\u00a08.1 (High).\n\nAcknowledgments:\u00a0Reported by the National Security Agency.\n\nAffected Products:VMware NSX 9.x.x.x, 4.2.x, 4.1.x, 4.0.x\n\nNSX-T 3.x\nVMware Cloud Foundation (with NSX) 5.x, 4.5.x\n\nFixed Versions: NSX 9.0.1.0;  4.2.2.2/4.2.3.1 http://4.2.2.2/4.2.3.1 ; 4.1.2.7; NSX-T 3.2.4.3; CCF async patch (KB88287).\nWorkarounds: None."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-50",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-50 Password Recovery Exploitation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-640",
              "description": "CWE-640 Weak Password Recovery Mechanism for Forgotten Password",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-29T18:45:16.614Z",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36150"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Weak password recovery vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2025-41251",
    "datePublished": "2025-09-29T18:45:16.614Z",
    "dateReserved": "2025-04-16T09:30:25.625Z",
    "dateUpdated": "2025-09-30T03:55:13.262Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-41252 (GCVE-0-2025-41252)

Vulnerability from cvelistv5

Published

2025-09-29 19:02

Modified

2025-09-29 19:14

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-203 - Observable Discrepancy

Summary

Description: VMware NSX contains a username enumeration vulnerability. An unauthenticated malicious actor may exploit this to enumerate valid usernames, potentially leading to unauthorized access attempts. Impact: Username enumeration → facilitates unauthorized access. Attack Vector: Remote, unauthenticated. Severity: Important. CVSSv3: 7.5 (High). Acknowledgments: Reported by the National Security Agency. Affected Products: * VMware NSX 9.x.x.x, 4.2.x, 4.1.x, 4.0.x * NSX-T 3.x * VMware Cloud Foundation (with NSX) 5.x, 4.5.x Fixed Versions: * NSX 9.0.1.0; 4.2.2.2/4.2.3.1 http://4.2.2.2/4.2.3.1 ; 4.1.2.7; NSX-T 3.2.4.3; CCF async patch (KB88287). Workarounds: None.

References

▼	URL	Tags
	https://https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36150

Impacted products

	Vendor	Product	Version
	VMware	NSX	Version: VMware NSX 9.x.x.x, 4.2.x, 4.1.x, 4.0.x < Version: VMware NSX-T 3.x < Version: VMware Cloud Foundation (with NSX) 5.x, 4.5.x

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-41252",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-29T19:14:25.259914Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-29T19:14:38.914Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "NSX",
          "vendor": "VMware",
          "versions": [
            {
              "status": "affected",
              "version": "VMware NSX 9.x.x.x, 4.2.x, 4.1.x, 4.0.x",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "VMware NSX-T 3.x",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "VMware Cloud Foundation (with NSX) 5.x, 4.5.x"
            },
            {
              "status": "unaffected",
              "version": "VMware NSX 9.0.1.0; 4.2.2.2/4.2.3.1; 4.1.2.7; NSX-T 3.2.4.3; CCF async patch (KB88287)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\u003cb\u003e\u003c/b\u003e\u003c/p\u003e\u003cp\u003eDescription: VMware NSX contains a username enumeration vulnerability. An unauthenticated malicious actor may exploit this to enumerate valid usernames, potentially leading to unauthorized access attempts.\u003c/p\u003e\n\u003cp\u003eImpact: Username enumeration \u2192 facilitates unauthorized access.\u003c/p\u003e\n\u003cp\u003eAttack Vector: Remote, unauthenticated.\u003c/p\u003e\n\u003cp\u003eSeverity: Important.\u003c/p\u003e\n\u003cp\u003eCVSSv3: 7.5 (High).\u003c/p\u003e\n\u003cp\u003eAcknowledgments: Reported by the National Security Agency.\u003c/p\u003e\n\u003cp\u003eAffected Products:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eVMware NSX 9.x.x.x, 4.2.x, 4.1.x, 4.0.x\u003cbr\u003e\u003c/li\u003e\u003cli\u003eNSX-T 3.x\u003cbr\u003e\u003c/li\u003e\u003cli\u003eVMware Cloud Foundation (with NSX) 5.x, 4.5.x\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\n\n\n\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\n\u003cp\u003eFixed Versions:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eNSX 9.0.1.0; \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://4.2.2.2/4.2.3.1\"\u003e4.2.2.2/4.2.3.1\u003c/a\u003e; 4.1.2.7; NSX-T 3.2.4.3; CCF async patch (KB88287).\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\n\u003cp\u003eWorkarounds: None.\u003c/p\u003e\u003cbr\u003e"
            }
          ],
          "value": "Description: VMware NSX contains a username enumeration vulnerability. An unauthenticated malicious actor may exploit this to enumerate valid usernames, potentially leading to unauthorized access attempts.\n\n\nImpact: Username enumeration \u2192 facilitates unauthorized access.\n\n\nAttack Vector: Remote, unauthenticated.\n\n\nSeverity: Important.\n\n\nCVSSv3: 7.5 (High).\n\n\nAcknowledgments: Reported by the National Security Agency.\n\n\nAffected Products:\n\n\n\n  *  VMware NSX 9.x.x.x, 4.2.x, 4.1.x, 4.0.x\n\n  *  NSX-T 3.x\n\n  *  VMware Cloud Foundation (with NSX) 5.x, 4.5.x\n\n\n\n\n\n\n\n\n\n\n\n\nFixed Versions:\u00a0\n\n\n\n  *  NSX 9.0.1.0;  4.2.2.2/4.2.3.1 http://4.2.2.2/4.2.3.1 ; 4.1.2.7; NSX-T 3.2.4.3; CCF async patch (KB88287).\n\n\n\n\n\n\nWorkarounds: None."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-203",
              "description": "CWE-203 Observable Discrepancy",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-29T19:02:07.283Z",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "url": "https://https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36150"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Username enumeration vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2025-41252",
    "datePublished": "2025-09-29T19:02:07.283Z",
    "dateReserved": "2025-04-16T09:30:25.625Z",
    "dateUpdated": "2025-09-29T19:14:38.914Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

ncsc-2025-0301

Vulnerability from csaf_ncscnl

CVE-2025-41250 (GCVE-0-2025-41250)

Vulnerability from cvelistv5

CVE-2025-41251 (GCVE-0-2025-41251)

Vulnerability from cvelistv5

CVE-2025-41252 (GCVE-0-2025-41252)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature